Security

Reply
Occasional Contributor II

CPPM Cluster Integration to AD

Hi Experts,
I have a cluster design CPPM and I want to integrate it to AD. Do I need to integrate it also from the subscriber's perspective or only in the publisher?
Thanks
Guru Elite

Re: CPPM Cluster Integration to AD

If you're using PEAPv0/EAP-MSCHAPv2 and each node is authenticating clients, then they all need it be joined to the domain.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: CPPM Cluster Integration to AD

Hi cappalli,
Thanks again for your help.
I am using EAP-TLS for authentication.
Guru Elite

Re: CPPM Cluster Integration to AD

Then you do not need to join your servers to the domain.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: CPPM Cluster Integration to AD

Hi cappalli,
But actually what we will do is to get the CN in the certificate the and check it against the AD. So meaning we still need to integrate it to the AD.
Guru Elite

Re: CPPM Cluster Integration to AD

You do not need to join the ClearPass servers to the domain. You only need to set up an AD authentication source that will be used for authorization.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: CPPM Cluster Integration to AD

hi cappalli,

yes you are correct but before we can set the AD as authentication source we need to integrate the CPPM cluster to the AD right? Do I need to integrate also the subscribers?

Guru Elite

Re: CPPM Cluster Integration to AD

All authentication source configuration is done on the publisher.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: CPPM Cluster Integration to AD

yes, meaning the AD integration will in the publisher only and not also in the subscribers?

Guru Elite

Re: CPPM Cluster Integration to AD

No. Just like most of the other configuration that is done on the publisher, it will work on all nodes.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: